package com.yuyou.hxyy.gateway.security;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.context.NullSecurityContextRepository;
import org.springframework.web.cors.CorsUtils;

import com.yuyou.hxyy.gateway.security.filter.VerifyTokenFilter;
import com.yuyou.hxyy.gateway.security.handler.AccessDeniedHandlerImpl;
import com.yuyou.hxyy.gateway.security.handler.AuthenticationFailureHandlerImpl;
import com.yuyou.hxyy.gateway.security.handler.AuthenticationSuccessHandlerImpl;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	private AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource;

	@Autowired
	private AuthenticationSuccessHandlerImpl authenticationSuccessHandlerImpl;
	@Autowired
	private AuthenticationFailureHandlerImpl authenticationFailureHandlerImpl;
	@Autowired
	private AccessDeniedHandlerImpl accessDeniedHandlerImpl;

	@Autowired
	private AuthenticationManager authenticationManager;

	@Override
	public void configure(WebSecurity web) throws Exception {
		// web.ignoring().antMatchers("/","/api/login");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		
		http.authorizeRequests()
				//跨域不拦截
				.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
				//使用拦截器来拦截请求
				.anyRequest()
				.permitAll()
				// 不需要session来控制,所以这里可以去掉
				.and()
				.securityContext()
				.securityContextRepository(new NullSecurityContextRepository())
				.and()
				.formLogin()
				// 开启登录
				.loginPage("/api/login")
				.successHandler(authenticationSuccessHandlerImpl)
				// 登录成功
				.failureHandler(authenticationFailureHandlerImpl)
				// 登录失败
				.authenticationDetailsSource(authenticationDetailsSource).and()
				.exceptionHandling()
				.accessDeniedHandler(accessDeniedHandlerImpl)
				
				.and()
				// 退出登录自己来控制
				.logout().disable()
				// 因为没用到cookies,所以关闭cookies
				.csrf().disable()
				//启用跨域
				.cors()
				.and()
				// 验证token
				.addFilterBefore(new VerifyTokenFilter(),
						UsernamePasswordAuthenticationFilter.class);

	}

}
